Client-server systems provide electronic access by the client to data, information, accounts and other material stored at the server. In financial transactions, the system provides a client electronic access to accounts and financial resources. In a client-server transaction, a client device is required to prove to the server device that it is an authentic client, and not some impersonator or other unauthorized party. Protocols are known by which a client device proves to a server device its authenticity, while at the same time it does not reveal information that could be misused by a third party. In one arrangement, certain client-server systems utilize transaction signing to allow client devices the ability to prove authenticity to a server device.
For example, certain transaction signing solutions use a single device platform (e.g., the client device, such as a user's personal computer) to both submit a transaction request to a transaction server and to generate a transaction signature. Other, more secure transaction signing solutions utilize a second, signing device for generation of the digital signature. In use, the client device transmits a transaction request to the server device over a network connection. In response, the server device transmits certain transaction information back to the client device via the network connection. Upon receipt of the transaction information by the client device, the client device operator enters required parts of the transaction information into the signing device, where the signing device is disconnected from (i.e., not disposed in electrical communication with) both the client device and the server device. Once the signing device generates and displays a resulting electronic signature, the client device operator enters the electronic signature into the client device and transmits the electronic signature to the server device to complete the transaction signing process.